WhatsApp Patches Privacy Flaw in ‘View Once’ Feature After Zengo Discovery

Privacy flaw exposing user status updates to strangers remains unresolved despite being reported months ago

  • WhatsApp has fixed a security flaw in its View Once feature that allowed unauthorized access to disappearing media.
  • Crypto wallet startup Zengo discovered the vulnerability in August 2023 through their web app research.
  • The initial patch by WhatsApp did not fully resolve the security issue.
  • Meta’s latest update prevents unauthorized devices from accessing View Once messages.
  • Security researchers indicate potential remaining vulnerabilities in sender devices.

WhatsApp Patches Major Privacy Vulnerability in Disappearing Media Feature

- Advertisement -

Meta’s messaging platform WhatsApp has implemented a comprehensive fix for a security vulnerability in its View Once feature, addressing a flaw first identified by cryptocurrency wallet provider Zengo in August 2023. The patch comes after months of security concerns about the privacy of supposedly self-destructing media content.

Technical Vulnerability Details

The security flaw, documented by Zengo’s research team, revealed that WhatsApp’s View Once feature could be bypassed through the platform’s web application. The feature, designed to automatically delete media files after a single viewing, failed to enforce restrictions at the API server level.

Zengo’s co-founder Tal Be’ery explained: "When we looked into the implementation details we were very surprised to find that although ‘View Once’ is meant to be limited to platforms in which the app can control its displayed content and prevent other processes from abusing it, it is not enforced by WhatsApp’s API server."

Remaining Security Considerations

While the new update represents a significant improvement, Be’ery notes persistent security concerns:

  • Sender devices still retain access to View Once messages
  • Potential forensic extraction risks remain
  • Increased attack surface due to message availability on multiple sender devices

The discovery emerged from Zengo’s research into messaging platforms as part of their development of Multi-Party Computation (MPC) cryptocurrency wallet technology. The company’s technical team constructed an unofficial WhatsApp client based on open-source web client implementation to demonstrate the vulnerability.

Meta’s response included an initial patch that proved insufficient, followed by the current more comprehensive solution that prevents unauthorized devices from accessing View Once messages, though security experts maintain that additional improvements could further enhance user privacy.

- Advertisement -

✅ Follow BITNEWSBOT on Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

ClickFix Attacks Surge 517% in 2025, Fake CAPTCHAs Spread Malware

ClickFix attacks using fake CAPTCHA verifications have risen by 517% in early 2025, according...

FHFA Orders Fannie, Freddie to Consider Crypto as Mortgage Collateral

The U.S. Federal Housing Finance Agency ordered Fannie Mae and Freddie Mac to consider...

Retail Investors Can Now Buy Tokenized Shares of SpaceX via Blockchain

Retail investors can now buy blockchain-based fractional shares in SpaceX through Republic. These digital tokens...

Must Read

Top 11 Hosting Providers To Buy VPS With Bitcoin And Cryptocurrency

As a full-time blogger with over 5 years of experience and running multiple niche websites, I have gained the necessary expertise when it comes...